https://github.com/abrahamjuliot/web-fingerprinting

web fingerprinting research
https://github.com/abrahamjuliot/web-fingerprinting

Last synced: 1 day ago
JSON representation

web fingerprinting research

• Host: GitHub
• URL: https://github.com/abrahamjuliot/web-fingerprinting
• Owner: abrahamjuliot
• Created: 2020-09-19T21:16:23.000Z (about 4 years ago)
• Default Branch: master
• Last Pushed: 2023-07-10T04:31:43.000Z (over 1 year ago)
• Last Synced: 2024-08-02T01:26:27.399Z (3 months ago)
• Language: JavaScript
• Size: 85 KB
• Stars: 202
• Watchers: 20
• Forks: 33
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-repositories - abrahamjuliot/web-fingerprinting - web fingerprinting research (JavaScript)

README

        
# web fingerprinting

web fingerprinting research

## Papers

- [Fashion Faux Pas: Implicit Stylistic Fingerprints for Bypassing Browsers' Anti-Fingerprinting Defenses](https://www.computer.org/csdl/proceedings-article/sp/2023/933600b640/1Js0Ecrxjzi) (Lin et al., 2023)

- [DRAWN APART: A Device Identification Technique based on Remote GPU Fingerprinting](https://arxiv.org/pdf/2201.09956.pdf) (Laperdrix et al., 2022)

- [FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting](https://arxiv.org/pdf/2112.01662.pdf) (Bahrami et al., 2021)

- [Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World](https://www.usenix.org/system/files/sec22summer_cherubin.pdf) (Cherubin et al., 2021)

- [Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques](https://arxiv.org/pdf/2110.10129.pdf) (Liu et al., 2021)

- [A Study of Feasibility and Diversity of Web Audio Fingerprints](https://arxiv.org/pdf/2107.14201.pdf) (Vadrevu et al., 2021)

- [EssentialFP: Exposing the Essence of Browser Fingerprinting](https://www.cse.chalmers.se/~andrei/secweb21.pdf) (Sjösten et al., 2021)

- [BrFAST: a Tool to Select Browser Fingerprinting Attributes for Web Authentication According to a Usability-Security Trade-off](https://arxiv.org/pdf/2104.09175.pdf) (Andriamilanto et al., 2021)

- [Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses](https://arxiv.org/pdf/2103.04952.pdf) (Shusterman et al., 2021)

- [Tales of Favicons and Caches: Persistent Tracking in Modern Browsers](https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf) (Polakis et al., 2021)

- [Estimation of the time for calculating the attributes of browser fingerprints in the user authentication task](https://www.e3s-conferences.org/articles/e3sconf/pdf/2020/84/e3sconf_TPACEE2020_01030.pdf) (Iskhakov et al., 2020)

- [Who Touched My Browser Fingerprint?: A Large-scale Measurement Study and Classification of Fingerprint Dynamics](https://yinzhicao.org/fpmeasurement/imc20.pdf) (Li et al., 2020)

- [The Elephant in the Background: A Quantitative Approach to Empower Users Against Web Browser Fingerprinting](https://easychair.org/publications/preprint_open/H7Dc) (Fietkau et al., 2020)

- [Taint Analysis for Browser Fingerprinting](https://www.ekzhang.com/assets/pdf/Browser_Fingerprinting.pdf) (Zhang et al., 2020)

- [Canvas Deceiver - A New Defense Mechanism Against Canvas Fingerprinting](http://www.iiisci.org/journal/CV$/sci/pdfs/SA899XU20.pdf) (Lee et al., 2020)

- [Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24076-paper.pdf) (Ba et al., 2020)

- [Carnus: Exploring the Privacy Threats of Browser Extension Fingerprinting](https://www.ndss-symposium.org/wp-content/uploads/2020/02/24383.pdf) (Karami et al., 2020)

- [Shedding light on web privacy impact assessment: A case study of the Ambient Light Sensor API](https://lukaszolejnik.com/SheddingLightWebPrivacyImpactAssessmentIWPE20.pdf) (Olejnik, 2020)

- [Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors](https://umariqbal.com/papers/fpinspector-sp2021.pdf) (Iqbal et al., 2020)

- [Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers](https://hal.archives-ouvertes.fr/hal-02612461/document) (Laperdrix et al., 2020)

- [Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective](https://petsymposium.org/2020/files/papers/issue2/popets-2020-0041.pdf) (Pugliese et al., 2020)

- [FP-Crawlers: Studying the Resilience of Browser Fingerprinting to Block Crawlers](https://hal.inria.fr/hal-02441653/document) (Vastel et al., 2020)

- [Robust Website Fingerprinting Through the Cache Occupancy Channel](https://arxiv.org/pdf/1811.07153.pdf) (Shusterman et al., 2019)

- [Browser Fingerprinting: A survey](https://arxiv.org/pdf/1905.01051.pdf) (Laperdrix et al., 2019)

- [Evaluating Anti-Fingerprinting Privacy Enhancing Technologies](https://www1.icsi.berkeley.edu/~mct/pubs/www18.pdf) (Tschantz et al., 2019)

- [JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks](https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_07A-3_Schwarz_paper.pdf) (Schwarz et al., 2018)

- [Hiding in the Crowd: an Analysis of the Effectiveness of Browser Fingerprinting at Large Scale](https://hal.inria.fr/hal-01718234v2/document) (Laperdrix et al., 2018)

- [Clock Around the Clock: Time-Based Device Fingerprinting](http://www.eurecom.fr/fr/publication/5664/download/sec-publi-5664.pdf) (Sanchez-Rola et al., 2018)

- [On Estimating Platforms of Web User with JavaScript Math Object](https://meiji.elsevierpure.com/en/publications/on-estimating-platforms-of-web-user-with-javascript-math-object) [[google](https://www.google.com/books/edition/_/4-xqDwAAQBAJ?hl=en&gbpv=1&pg=407)] (Saito et al., 2018)

- [Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript](https://gruss.cc/files/fantastictimers.pdf) (Gruss et al., 2017)

- [XHOUND: Quantifying the Fingerprintability of Browser Extensions](https://securitee.org/files/xhound-oakland17.pdf) (Nikiforakis et al., 2017)

- [Discovering Browser Extensions via Web Accessible Resources](https://www.cse.chalmers.se/~andrei/codaspy17.pdf) (Sjösten et al., 2017)

- [FP-STALKER: Tracking Browser Fingerprint Evolutions](https://hal.inria.fr/hal-01652021/document) (Laperdrix et al., 2017)

- [Battery Status Not Included: Assessing Privacy in Web Standards](https://www.cs.princeton.edu/~arvindn/publications/battery-status-case-study.pdf) (Englehardt et al., 2017)

- [Inhibiting Browser Fingerprinting and Tracking](https://eprints.soton.ac.uk/408726/1/possible_to_tackle_fingerprinting_complete2.pdf) (Luangmaneerote et al., 2017)

- [Picasso: Lightweight Device Class Fingerprinting for Web Clients](https://research.google.com/pubs/archive/45581.pdf) (Bursztein et al., 2016)

- [Online tracking: A 1-million-site measurement and analysis](https://www.cs.princeton.edu/~arvindn/publications/OpenWPM_1_million_site_tracking_measurement.pdf) (Englehardt, et al., 2016)

- [The Leaking Battery](https://eprint.iacr.org/2015/616.pdf) (Olejnik et al., 2015)

- [FPGuard: Detection and Prevention of Browser Fingerprinting](https://www.researchgate.net/publication/300781053_FPGuard_Detection_and_Prevention_of_Browser_Fingerprinting) (Weldemariam et al., 2015)

- [Fingerprinting web users through font metrics](https://fc15.ifca.ai/preproceedings/paper_83.pdf) (Fifield et al., 2015)

- [PriVaricator: Deceiving Fingerprinters with Little White Lies](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/tr1-1.pdf) (Nikiforakis et al., 2014)

- [The Web Never Forgets: Persistent Tracking Mechanisms in the Wild](https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf) (Englehardt, et al., 2014)

- [Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting](http://consideredharmful.info/papers/Paper%20-%20Hot%20Topics%20in%20Computer%20Security%20-%20Cookieless%20Monster.pdf) (Nikiforakis et al., 2013)

- [Reducing the value of a browser fingerprint](https://www.researchgate.net/publication/302695509_Reducing_the_value_of_a_browser_fingerprint) (Jenkins et al., 2013)

- [Pixel Perfect: Fingerprinting Canvas in HTML5](https://hovav.net/ucsd/dist/canvas.pdf) (Mowery et al., 2012)

- [Fingerprinting Information in JavaScript Implementations](https://cseweb.ucsd.edu/~kmowery/papers/js-fingerprinting.pdf) (Mowery et al., 2011)

- [How Unique Is Your Web Browser?](https://panopticlick.eff.org/static/browser-uniqueness.pdf) (Eckersley, 2010)

## Attacks

- [Browser-based CPU Fingerprinting](https://publications.cispa.saarland/3745/) (Trampert et al., 2022)

- [Hacky Racers: Exploiting Instruction-Level Parallelism to Generate Stealthy Fine-Grained Timers](https://arxiv.org/pdf/2211.14647.pdf) (Ainsworth et al., 2022)

- [Targeted Deanonymization via the Cache Side Channel: Attacks and Defenses](https://leakuidatorplusteam.github.io/preprint.pdf) (Zaheri et al., 2022)

- [The Clock is Still Ticking: Timing Attacks in the Modern Web](https://tom.vg/papers/timing-attacks_ccs2015.pdf) (Nikiforakis et al., 2015)

- [Timing Attacks on Web Privacy](https://www.cs.umd.edu/~jkatz/TEACHING/comp_sec_F04/downloads/web-timing.pdf) (Felten et al., 2000)

## Articles

- [Explaining DrawnApart, a remote GPU fingerprinting technique](https://blog.amiunique.org/an-explicative-article-on-drawnapart-a-gpu-fingerprinting-technique/) (Laperdrix, 2022)

- [How anti-fingerprinting extensions tend to make fingerprinting easier](https://palant.info/2020/12/10/how-anti-fingerprinting-extensions-tend-to-make-fingerprinting-easier/) (Palant, 2020)

- [Shedding light on designing web features with privacy: risks, impact assessments, case study](https://blog.lukaszolejnik.com/shedding-light-on-designing-web-features-with-privacy-risks-impact-assessments-case-study/) (Olejnik, 2020)

- [Detecting Privacy Badger’s Canvas FP detection](https://adtechmadness.wordpress.com/2020/03/27/detecting-privacy-badgers-canvas-fp-detection/) (Adtech Madness, 2020)

- [JavaScript tampering – detection and stealth](https://adtechmadness.wordpress.com/2019/03/23/javascript-tampering-detection-and-stealth/) (Adtech Madness, 2019)

- [Bot detection 101 #3 – Cheating browser fingerprinting](https://adtechmadness.wordpress.com/2019/03/11/bot-detection-101-3-cheating-browser-fingerprinting/) (Adtech Madness, 2019)

- [Bot detection 101 #2 – Entering browser fingerprinting](https://adtechmadness.wordpress.com/2019/03/05/bot-detection-101-2-entering-browser-fingerprinting/) (Adtech Madness, 2019)

- [Bot detection 101 #1 – Preface](https://adtechmadness.wordpress.com/2019/03/04/bot-detection-101-1-preface/) (Adtech Madness, 2019)

- [Evaluating the privacy implications of a canvas fingerprinting countermeasure](https://antoinevastel.com/tracking/2018/07/01/eval-canvasdef.html) (Antoine Vastel, 2018)

- [Dull captaincy or the way Tor Project fights browser fingerprinting](https://github.com/KOLANICH-research/Article-2015-Dull-captaincy-or-the-way-Tor-Project-fights-browser-fingerprinting) (KOLANICH, 2015)

## Talks

- [FP-Radar: Early Detection of New Browser Fingerprinting Techniques](https://youtu.be/CO6ivi_IQDs) (Pouneh Nikkhah Bahram, 2021)

- [The Elephant In The Background: Empowering Users Against Browser Fingerprinting](https://www.youtube.com/watch?v=T6UtEjUWXzM) (Julian Fietkau, 2020)

- [Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer](https://www.youtube.com/watch?v=o4qJg32miVA) (Shiqing Luo, 2020)

- [Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers](https://www.youtube.com/watch?v=7KYg8qV5Z1Y) (Babak Amin Azad, 2020)

- [Exploring the Privacy Threats of Browser Extension Fingerprinting](https://www.youtube.com/watch?v=mfmAWRzpbCU) (Soroush Karami, 2020)

- [Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors](https://www.youtube.com/watch?v=bsgTYQyaPG4) (Umar Iqbal, 2020)

- [Microarchitectural Attacks](https://www.youtube.com/watch?v=Dzyoc0vgSHY) (Daniel Gruss, 2019)

- [Two New Ways To Exploit A Fixed Browser Fingerprinting Flaw](https://www.youtube.com/watch?v=FBjlrVD5rOs) (Xiaoyin Liu, 2019)

- [Automated Methods for Fingerprinting Detection](https://www.youtube.com/watch?v=qFWPTeDSJn4) (Sarah Bird, 2019)

- [Next Steps For Browser Privacy: Pursuing Privacy Protections Beyond Extensions](https://www.youtube.com/watch?v=odtcH6UmkbU) (Peter Snyder, 2019)

- [Privacy, Standards, and Anti-Standards](https://www.youtube.com/watch?v=xxk9UKulC1c) (Peter Snyder, 2019)

- [Fingerprinting and Privacy on the Web](https://www.youtube.com/watch?v=OVh0oHbmla0) (Peter Snyder, 2019)

- [Browser fingerprinting: past, present and possible future](https://www.youtube.com/watch?v=PLVJ5yQb0vc) (Pierre Laperdrix, 2019)

- [Browser fingerprints for a more secure web](https://www.youtube.com/watch?v=P_nYYsaVi1w) (Julien Sobrier & Ping Yan, 2019)

- [JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks](https://www.youtube.com/watch?v=6SqIFs0_uBU) (Michael Schwarz, 2018)

- [Tales From the Trenches: Fingerprints on the Web - Igor Trindade Oliveira](https://www.youtube.com/watch?v=hZg0Ks_IHjQ) (Igor Trindade Oliveira, 2018)

- [Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies](https://www.youtube.com/watch?v=n-kN0Ys4yNM) (Antoine Vastel, 2018)

- [Tracking Browser Fingerprint Evolutions](https://www.youtube.com/watch?v=xNwfdsu4ZKE) (Antoine Vastel, 2018)

- [Navigating the Vast Ocean of Browser Fingerprints](https://www.youtube.com/watch?v=VUsTdf8r_m4) (Russell Thomas, 2018)

- [(Cross-)Browser Fingerprinting via OS and Hardware Level Features](https://www.youtube.com/watch?v=piftpgsZE9g) (Yinzhi Cao, 2017)

- [Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints](https://www.youtube.com/watch?v=p0doExrQwY0) (Pierre Laperdrix, 2016)

- [Panopticlick: Fingerprinting Your Web Presence](https://www.youtube.com/watch?v=3xQLy6lH5OE) (Bill Budington, 2016)

- [Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask)](https://www.youtube.com/watch?v=5Y1Y96jC5AA) (Nick Nikiforakis, 2016)

- [Where does darknet anonimity end](https://www.youtube.com/watch?v=zKgKk5bsbdY) (Denis Makrushin, Maria Garnaeva, 2015)

- [Advanced Browser Fingerprinting](https://www.youtube.com/watch?v=kk2GkZv6Wjs) (Yan Zhu, 2015)

- [Website Fingerprinting Attacks and Defenses](https://www.youtube.com/watch?v=RJyQFaQsyz0) (Rob Johnson, 2014)

- [Web Fingerprinting: How, Who, and Why?](https://www.youtube.com/watch?v=aSfh0efL7rs) (Nick Nikiforakis, 2013)

- [How Unique is Your Browser](https://www.youtube.com/watch?v=1uYx-F-nvFM) (Peter Eckersley, 2010)

## Researchers

- https://antoinevastel.com (Antoine Vastel)

- https://plaperdr.github.io (Pierre Laperdrix)

- https://www.peteresnyder.com (Peter Snyder)

- https://lukaszolejnik.com (Lukasz Olejnik)

- https://www.securitee.org (Nick Nikiforakis)

- https://senglehardt.com (Steven Englehardt)

## Browser Mitigation

- [Mitigating Browser Fingerprinting in Web Specifications](https://www.w3.org/TR/fingerprinting-guidance) (W3C)

- [Technical Comments on Privacy Budget](https://mozilla.github.io/ppa-docs/privacy-budget.pdf) (Eric Rescorla, 2021)

## Test Sites

- https://arkenfox.github.io/TZP

- https://privacycheck.sec.lrz.de

- https://canvasblocker.kkapsner.de/test

- https://privacy-test-pages.glitch.me

## Test Suites

- https://www.lambdatest.com

- https://www.browserstack.com

- https://kobiton.com

- https://www.browserling.com

- https://crossbrowsertesting.com/

- https://saucelabs.com

## Stats

- https://developers.whatismybrowser.com/

- https://www.primegrid.com/gpu_list.php

- https://gs.statcounter.com/screen-resolution-stats

- https://arh.antoinevastel.com/reports/stats/menu.html

## API Documentation

- https://docs.w3cub.com/dom

- https://developer.mozilla.org